17 matches found
@b3dotfun/b3-api (>=0.0.42 <=0.0.102), @b3dotfun/sdk (>=0.0.27-alpha.1 <=0.1.70-alpha.9) +38 more potentially affected by CVE-2026-42047 via inngest (>=3.22.13 <=3.47.0)
inngest NPM version =3.22.13, =0.0.42, =0.0.27-alpha.1, =1.0.4, =0.0.26, =2.0.5, =0.0.3-canary.1, =0.1.2, =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.0, =0.1.13, =1.0.1-alpha.0, =0.0.1, =1.0.1, =1.0.4-alpha.13 and more Source cves: CVE-2026-42047 Source advisory:...
@localstack/localstack-mcp-server (>=0.2.0 <=0.4.0), @posthog/nuxt (>=0.0.5 <=1.2.8) +4 more potentially affected by unknown CVE via posthog-node (>=5.0.0 <=5.13.2)
posthog-node NPM version =5.0.0, =0.2.0, =0.0.5, =0.62.0, =20.7.1-alpha.134, =0.0.0-client-js-listmessages-agentid-fix-20251119175531, =1.0.0-beta.9 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190925...
Directory Traversal
@mastra/mcp-docs-server is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file path inputs in the directory suggestion logic, which allows an attacker to bypass path traversal checks and list the contents of arbitrary directories on the user’s filesystem...
CVE-2025-61685
Mastra is a TypeScript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...
CVE-2025-61685
Mastra is a TypeScript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...
CVE-2025-61685
The CVE concerns Mastra (TypeScript framework) with vulnerable versions 0.13.8–0.13.20-alpha.0, where a Directory Traversal flaw affects the MCP server package @mastra/mcp-docs-server. The issue stems from bypassable path-traversal checks in readMdxContent combined with a flawed execute path that...
CVE-2025-61685 Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure
Mastra is a TypeScript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...
CVE-2025-61685 Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure
Mastra is a TypeScript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...
EUVD-2025-32426
Mastra is a TypeScript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...
CVE-2025-61685 Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure
Mastra is a TypeScript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...
EUVD-2025-31041
Malicious code in bioql PyPI...
PT-2025-40606
Name of the Vulnerable Software and Affected Versions: Mastra versions 0.13.8 through 0.13.20-alpha.0. Description: Mastra, a TypeScript framework for building AI agents and assistants, is susceptible to a Directory Traversal issue. The framework includes a security check intended to prevent path...
Mastra Security Vulnerability
Mastra is an AI agent framework open-sourced by mastra-ai. A security vulnerability exists in Mastra versions 0.13.8 through 0.13.20-alpha.0, which stems from a security check being bypassed and could lead to a directory traversal attack...
GHSA-XH92-RQRQ-227V Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure
The Mastra Docs MCP Server package @mastra/mcp-docs-server is a server designed to provide documentation context to AI agentic workflows, such as those used in AI-powered IDEs. Resources: Package URL: https://www.npmjs.com/package/@mastra/mcp-docs-server ----- Overview The @mastra/mcp-docs-server...
Exposure of Information Through Directory Listing
Overview: @mastra/mcp-docs-server is an MCP server for accessing Mastra.ai documentation, changelogs, and news. Affected versions of this package are vulnerable to Exposure of Information Through Directory Listing via the execute function. An attacker can access sensitive directory listings by...
Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure
The Mastra Docs MCP Server package @mastra/mcp-docs-server is a server designed to provide documentation context to AI agentic workflows, such as those used in AI-powered IDEs. Resources: Package URL: https://www.npmjs.com/package/@mastra/mcp-docs-server ----- Overview The @mastra/mcp-docs-server...
CVE-2025-61685
creationtimestamp | type | source
---|---|---
2025-09-24 15:48:47+00:00 | published-proof-of-concept | https://github.com/mastra-ai/mastra/security/advisories/GHSA-xh92-rqrq-227v...